Getting Data In

Splunk cloud - how to send data using http event collector

dkgs
Communicator

Hi,

I am new to using http event collector. I already received the hec token.

I need to send data to splunk cloud , using the provided token.

Any help would be appreciated.

Thanks

Labels (4)
0 Karma

richgalloway
SplunkTrust
SplunkTrust
0 Karma

dkgs
Communicator

@richgalloway  Could you please share a sample request which can be sent to test the connectivity from the machine with Splunk Cloud provided the hec token= abcdefghijklmnop

I see a lot of examples, but giving different errors.

It would be great if you can help with an example

0 Karma

richgalloway
SplunkTrust
SplunkTrust
I have used HEC, but not in Splunk Cloud so I don't have working examples. There are several examples in the documentation, however. Share the errors you are getting and perhaps someone can suggest a solution.
---
If this reply helps you, an upvote would be appreciated.

dkgs
Communicator

@richgalloway  Below is one of the example i saw in the document for splunk cloud.

If the splunk cloud is accessible with the DNS shared by the client, should we add the port 8088 also ?

Also are we executing these from command prompt ? or what other way we can pass the data using hec.

since i am a beginner in using hec, any help would be appreciated

curl -k "https://mysplunkserver.example.com:8088/services/collector" \
    -H "Authorization: Splunk CF179AE4-3C99-45F5-A7CC-3284AA91CF67" \
    -d '{"event": "Hello, world!", "sourcetype": "manual"}'

 

 

0 Karma

richgalloway
SplunkTrust
SplunkTrust
Yes, curl commands are run from the command prompt. You can send to HEC using any method that performs and HTTP POST action, such as a Python script (See https://github.com/georgestarcher/Splunk-Class-httpevent) or a browser plug-in like POSTER.
---
If this reply helps you, an upvote would be appreciated.